Re: [RFC PATCH 1/8] unbound: Add switch to enable Google Safe Search

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 5698 bytes --]

Hi,

What happens when you run “dig google.com” on the console?

The zones should be transparent and resolve any names that are not overlayed by the user-data.

-Michael

> On 1 May 2019, at 15:11, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> Hi,
> 
> Hm. Did I miss something?
> 
> Testing the Safesearch-Feature gives me:
> 
> "Hmm. We’re having trouble finding that site.
> 
> We can’t connect to the server at www.google.de."
> 
> => I can't connect to ANY of the now "safe searching" search engines.
> 
> Only https://yandex.ru/ works...
> 
> Best,
> Matthias
> 
> On 30.04.2019 18:16, Michael Tremer wrote:
>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>> src/initscripts/system/unbound | 215 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 215 insertions(+)
>> 
>> diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
>> index fbb096e0d..4ac8331dc 100644
>> --- a/src/initscripts/system/unbound
>> +++ b/src/initscripts/system/unbound
>> @@ -14,6 +14,7 @@ TEST_DOMAIN_FAIL="dnssec-failed.org"
>> 
>> INSECURE_ZONES=
>> USE_FORWARDERS=1
>> +ENABLE_SAFE_SEARCH=off
>> 
>> # Cache any local zones for 60 seconds
>> LOCAL_TTL=60
>> @@ -21,6 +22,202 @@ LOCAL_TTL=60
>> # EDNS buffer size
>> EDNS_DEFAULT_BUFFER_SIZE=4096
>> 
>> +GOOGLE_TLDS=(
>> +	google.ad
>> +	google.ae
>> +	google.al
>> +	google.am
>> +	google.as
>> +	google.at
>> +	google.az
>> +	google.ba
>> +	google.be
>> +	google.bf
>> +	google.bg
>> +	google.bi
>> +	google.bj
>> +	google.bs
>> +	google.bt
>> +	google.by
>> +	google.ca
>> +	google.cat
>> +	google.cd
>> +	google.cf
>> +	google.cg
>> +	google.ch
>> +	google.ci
>> +	google.cl
>> +	google.cm
>> +	google.cn
>> +	google.co.ao
>> +	google.co.bw
>> +	google.co.ck
>> +	google.co.cr
>> +	google.co.id
>> +	google.co.il
>> +	google.co.in
>> +	google.co.jp
>> +	google.co.ke
>> +	google.co.kr
>> +	google.co.ls
>> +	google.com
>> +	google.co.ma
>> +	google.com.af
>> +	google.com.ag
>> +	google.com.ai
>> +	google.com.ar
>> +	google.com.au
>> +	google.com.bd
>> +	google.com.bh
>> +	google.com.bn
>> +	google.com.bo
>> +	google.com.br
>> +	google.com.bz
>> +	google.com.co
>> +	google.com.cu
>> +	google.com.cy
>> +	google.com.do
>> +	google.com.ec
>> +	google.com.eg
>> +	google.com.et
>> +	google.com.fj
>> +	google.com.gh
>> +	google.com.gi
>> +	google.com.gt
>> +	google.com.hk
>> +	google.com.jm
>> +	google.com.kh
>> +	google.com.kw
>> +	google.com.lb
>> +	google.com.ly
>> +	google.com.mm
>> +	google.com.mt
>> +	google.com.mx
>> +	google.com.my
>> +	google.com.na
>> +	google.com.nf
>> +	google.com.ng
>> +	google.com.ni
>> +	google.com.np
>> +	google.com.om
>> +	google.com.pa
>> +	google.com.pe
>> +	google.com.pg
>> +	google.com.ph
>> +	google.com.pk
>> +	google.com.pr
>> +	google.com.py
>> +	google.com.qa
>> +	google.com.sa
>> +	google.com.sb
>> +	google.com.sg
>> +	google.com.sl
>> +	google.com.sv
>> +	google.com.tj
>> +	google.com.tr
>> +	google.com.tw
>> +	google.com.ua
>> +	google.com.uy
>> +	google.com.vc
>> +	google.com.vn
>> +	google.co.mz
>> +	google.co.nz
>> +	google.co.th
>> +	google.co.tz
>> +	google.co.ug
>> +	google.co.uk
>> +	google.co.uz
>> +	google.co.ve
>> +	google.co.vi
>> +	google.co.za
>> +	google.co.zm
>> +	google.co.zw
>> +	google.cv
>> +	google.cz
>> +	google.de
>> +	google.dj
>> +	google.dk
>> +	google.dm
>> +	google.dz
>> +	google.ee
>> +	google.es
>> +	google.fi
>> +	google.fm
>> +	google.fr
>> +	google.ga
>> +	google.ge
>> +	google.gg
>> +	google.gl
>> +	google.gm
>> +	google.gp
>> +	google.gr
>> +	google.gy
>> +	google.hn
>> +	google.hr
>> +	google.ht
>> +	google.hu
>> +	google.ie
>> +	google.im
>> +	google.iq
>> +	google.is
>> +	google.it
>> +	google.je
>> +	google.jo
>> +	google.kg
>> +	google.ki
>> +	google.kz
>> +	google.la
>> +	google.li
>> +	google.lk
>> +	google.lt
>> +	google.lu
>> +	google.lv
>> +	google.md
>> +	google.me
>> +	google.mg
>> +	google.mk
>> +	google.ml
>> +	google.mn
>> +	google.ms
>> +	google.mu
>> +	google.mv
>> +	google.mw
>> +	google.ne
>> +	google.nl
>> +	google.no
>> +	google.nr
>> +	google.nu
>> +	google.pl
>> +	google.pn
>> +	google.ps
>> +	google.pt
>> +	google.ro
>> +	google.rs
>> +	google.ru
>> +	google.rw
>> +	google.sc
>> +	google.se
>> +	google.sh
>> +	google.si
>> +	google.sk
>> +	google.sm
>> +	google.sn
>> +	google.so
>> +	google.sr
>> +	google.st
>> +	google.td
>> +	google.tg
>> +	google.tk
>> +	google.tl
>> +	google.tm
>> +	google.tn
>> +	google.to
>> +	google.tt
>> +	google.vg
>> +	google.vu
>> +	google.ws
>> +)
>> +
>> # Load optional configuration
>> [ -e "/etc/sysconfig/unbound" ] && . /etc/sysconfig/unbound
>> 
>> @@ -481,6 +678,21 @@ fix_time_if_dns_fail() {
>> 	fi
>> }
>> 
>> +# Sets up Safe Search for various search engines
>> +setup_safe_search() {
>> +	# Nothing to do if safe search is not enabled
>> +	if [ "${ENABLE_SAFE_SEARCH}" != "on" ]; then
>> +		return 0
>> +	fi
>> +
>> +	local domain
>> +
>> +	# Google
>> +	for domain in ${GOOGLE_TLDS[@]}; do
>> +		unbound-control local_data "${domain} CNAME forcesafesearch.google.com."
>> +	done
>> +}
>> +
>> case "$1" in
>> 	start)
>> 		# Print a nicer messagen when unbound is already running
>> @@ -501,6 +713,9 @@ case "$1" in
>> 		# Make own hostname resolveable
>> 		own_hostname
>> 
>> +		# Setup Safe Search
>> +		setup_safe_search
>> +
>> 		# Update any known forwarding name servers
>> 		update_forwarders
>> 
>> 
>